elaman 

eanMAN ticuniTt solutions 




Key Features at a Glance 



* Real-Time Network Data 
Caplue 

* Advanced Visualizarioi 

* Patten Analysis 

* Cantent Analysts 

* Forensics Knowledge Base 

* On-Demand Incident 
Playback 

* Secirity Investigation and 
Repotting 

* Communication Sequencing 

* Architectue Flexibility 



What's New 



• Enbedded fogies “ i3 

Database 

• Enhanced.. Flexible 
Architectue 

• System Availability 

• Database Management 

• INireless Ether net LAN 
Monitormg 

• Appliance Optioi 

• Performance 

• Stability 

• Tun Key System Components 
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©Trust™ Network Forensics r8 

eTrust™ Network Forensics helps your organization secure its network and ensure 
availability by capturing real-time network data to identify how your business 
assets are affected by network exploits, internal data theft, and security or HR 
policy violations, As part of Computer Associates International, Inc/s (CA) 
Enterprise Infrastructure Management strategy, eTrust Network Forensics can 
help your organization mitigate risk, comply with regulations, and reduce analysis 
and investigation cost by allowing your IT and security staff to visualize network 
activity, uncover anomalous traffic and investigate security breaches, 



IT Security Forensics and 
Investigation Challenges 

The success of organisations today relies 
significantly on the security and availability 
of their networks. However, networks are 
complex and their topographies are always 
changing, forcing your IT and security staff 
to react constantly. Security breaches are 
increasing, with more than 70% being per- 
petrated by authorized employees. 
Furthermore, businesses are under pressure 
to comply with regulations, such as the 
Health Insurance Portability and Accountability 
Act (HIPAA) and Sarbanes-Oxley (SOX), as 
well as internal security and human 
resource policies to ensure the integrity and 
availability of their systems. 

Organizations require a network security 
investigation and forensics solution that can 
help them build intelligence about their net- 
work usage, identify suspicious patterns 
and expose weaknesses and anomalies. 

Visualize, Uncover, Investigate 
eTrust Network Forensics effectively answers 
the difficult question of "What happened?" in 
the aftermath of a security incident by tackling 
the complicated task of capturing, analyzing 
and visualizing network data. eTrust Network 
Forensics provides a passive network monitor- 
ing solution that visualizes network activity by 
creating a dynamic picture of communication 
flows to swiftly uncover break-in attempts, 
weaknesses, abnormal usage, policy violations 
and misuse, and anomalies before, during and 
after an incident. 



Operating like a surveillance camera, eTrust 
Network Forensics can play back events 
from thousands of communications to validate 
system threats and investigate security 
breaches. It identifies the offender and 
helps you mitigate the recurrence of the 
same security incident. eTrust Network 
Forensics enables your organization to 
reduce investigation costs, while improving 
efficiencies in security planning, deployment 
and recovery. In addition, eTrust Network 
Forensics helps monitor infractions to 
regulatory controls and policy violations by 
providing supporting reports for auditing 
requirements and contributes demonstrable 
compliance to internal controls policies and 
government regulations. 

Distinctive Features and Functions 
Network Traffic Recording and 
Visualization. eTrust Network Forensics 
promiscuously monitors and records 
network traffic in all seven layers of the Open 
Systems Interconnection (OS I) stack in real 
time and uses advanced visualization tools to 
create a picture of communication flows to 
swiftly expose anomalies, illegal connections 
and security and network problems. 

® Real-Time Network Data Capture. eTrust 
Network Forensics promiscuously monitors 
more than 1,500 protocols and services out 
of the box and records network activity in 
real time into a central database that can be 
queried, providing a complete view of how 
network communications are impacting 
security and availability. 
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Figure 1. Critical Path ; Visualize nodal communications and expose patterns or hidden data 
relationships with geospatial accuracy to reflect physical asset locations. 



• Advanced Visualization, eTrust Network 
Forensics helps you detect anomalies or 
trouble spots by -transforming raw net- 
work data into actionable knowledge. It 
generates interactive graphical representa- 
tions of the series of events representing 
the propagation of an attack or other sus- 
picious activity. Through visual representa- 
tions,. you can efficiently analyze users, 
hosts, domains, applications, protocols 
and addresses — detecting changes or 
abnormalities from established network 
baselines (see Figure 1). 

Pattern and Content Analysis. Visualize 
and depict abnormal usage, and analyze 
emails, keywords, images or other refer- 
ences to reveal improper data exchange 
or leakage. 

• Pattern Analysis. eTrust Network 
Forensics allows you to identify network 
usage patterns and build "integrated 
maps" of certain assets or users — such 
as after-hours usage spikes, and mapping 



of viruses and worms proliferation — and 
then examine the forensics evidence to 
determine the root cause of a security 
breach. By correlating network activity 
with security events, it can quickly 
distinguish between diversionary and 
truly malicious incidents. 

• Content Analysis. eTrust Network 
Forensics utilizes a statistical process 
called n-gram analysis to evaluate 
similarities within emails, documents, 
spreadsheets and so on. Independent of 
keyword or linguistic matching, you can 
determine how proprietary or inappropriate 
information proliferated from code 
servers, HR or financial databases, R&D 
labs and others. 

Forensics Knowledge Base. eTrust 
Network Forensics stores and catalogues 
network data into a central repository 
allowing you to play back the exact 
sequence of events aiding to ensure 
effective and accurate investigations. 
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Figure 3 . Flexible Architecture: eTrust Network Forensics components can be implemented 
on a single laptop cron either software-based distributed enterprise deployment . 



architectures to provide quick and 
efficient data analysis. Real-time network 
data is collected from either single or 
multiple collection points within the 
network. eTrust Network Forensics then 
enables you to analyze and investigate a 
targeted traffic, allowing you to filter the 
data that should be sent to the central- 
ized data store. With this flexibility, you 
can reduce the size of your data store 
and increase your efficiency as only 
relevant data about your networks and 
their structure are examined from one 
central repository. For data storage, you 
can use CA's Ingres r3 DBMS, which is 
embedded and distributed with eTrust 
Network Forensics or Oracle 3.x and 
lOx, which are also supported. 

-Distributed Monitoring. Gain visibility 
into multiple networks at once and corre- 
late network data across the enterprise. 
eTrust Network Forensics utilizes a 
flexible and secure way to transfer data 
from multiple eTrust Network Forensics 
Collectors to a centralized data store. 



Data transmission between system 
components is compressed and 
encrypted using SSL with certificates. 

- Mobile Solution. Mobility is key when 
investigating an incident. eTrust Network 
Forensics supports mobile deployments 
for local policy audits and investigations. 

* Forensic Analysis on Correlated Events. 
eTrust Network Forensics visualizes audit 
logs and alerts, and correlates actual 
network traffic to provide a complete 
picture of activity around the time a 
suspicious event occurred (see Figure 4). 

- Firewall, IDS, Syslog. eTrust Network 
Forensics can extract and visualize events 
or alerts from IDS, Firewall, Syslog or 
other reporting system directly. eTrust 
Network Forensics supports the following 
third-party products: Radius, AventTail 
VPN, NetScreen VPN Syslog, Cisco PIX 
and IDS, ISS Real Secure, Check Point 
FlneWall and more. 

- eTrust™ Audit. eTrust Network 
Forensics visualizes security events that 
have already been aggregated, normal- 
ized and reduced by eTrust Audit. 
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• Performance, eTrust Network Forensics sys- • Turn Key System. The appliances are 
tern performance is enhanced by utilizing a shipped preloaded with the eTrust 

mod if ied a p p I ia nee conf igu ra ti on . Addition al ly, N et wo rk F ore ns ics Co I lector or Loade r 

eTrust Network Forensics can scale to gigabit software, requiring minimal customization 

collections by using Top Layer's ca smart™- to operate. 



certified load ba lancer. 

• Stability. eTrust Network Forensics appliances 
are optimized to work with eTrust Network 
Forensics, which account for a stable and 
more scalable architecture between product 
components. 
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If you would like further Information about ELAMAN, 
or would like to discuss a specific requirement or project, please contact us at: 

Elaman GmbH 
German Security Solutions 
Seitzstr. 23 
80538 Munich 
Germany 

Tel: +49-89-24 20 91 80 
Fax: +49-89-24 20 91 81 
info@elaman.de 
www.elaman.de 




